tiff: Check that there is no aliasing in pixel format selection

Fixes possible issues with unexpected bpp/bppcount values. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Bug-Id: CVE-2014-8544 (cherry picked from commit ae5e1f3d663a8c9a532d89e588cbc61f171c9186) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit eb9041403d820634c45ed4ee98570246a252507a) Signed-off-by: Reinhard Tartler <siretart@tauware.de> (cherry picked from commit 62b0462e5fa78901380ca229ddb6a7625efd61a2) Signed-off-by: Reinhard Tartler <siretart@tauware.de>
author: Anton Khirnov <anton@khirnov.net> 2015-03-07 22:06:59 +0100
committer: Reinhard Tartler <siretart@tauware.de> 2015-03-08 22:30:43 -0400
commit: ec5b2f6a385959048f780b4e7d3d259dc1fa8421 (patch)
tree: 6d19656303f0f94b8c6ffc88aa99083569699d4a
parent: 82776caf7993221719eefbe576f851c7e52dfef9 (diff)
download: ffmpeg-ec5b2f6a385959048f780b4e7d3d259dc1fa8421.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index c0b611f631..20f2a47f22 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -218,6 +218,14 @@ static int init_image(TiffContext *s)
     int i, ret;
     uint32_t *pal;
 
+    // make sure there is no aliasing in the following switch
+    if (s->bpp >= 100 || s->bppcount >= 10) {
+        av_log(s->avctx, AV_LOG_ERROR,
+               "Unsupported image parameters: bpp=%d, bppcount=%d\n",
+               s->bpp, s->bppcount);
+        return AVERROR_INVALIDDATA;
+    }
+
     switch (s->bpp * 10 + s->bppcount) {
     case 11:
         s->avctx->pix_fmt = PIX_FMT_MONOBLACK;
author	Anton Khirnov <anton@khirnov.net>	2015-03-07 22:06:59 +0100
committer	Reinhard Tartler <siretart@tauware.de>	2015-03-08 22:30:43 -0400
commit	ec5b2f6a385959048f780b4e7d3d259dc1fa8421 (patch)
tree	6d19656303f0f94b8c6ffc88aa99083569699d4a
parent	82776caf7993221719eefbe576f851c7e52dfef9 (diff)
download	ffmpeg-ec5b2f6a385959048f780b4e7d3d259dc1fa8421.tar.gz